Upgrade wordpress and define the secret key

Just finish upgrade all my wordpress blog to latest version and add in the new secret key in all the config file.

So what is this secret key ?

Secure cookies — Old WordPress used cookies with plain data, which were pretty unsafe, but we now have a new cookie technology, where cookies are now encrypted based on new protocol which can be found here . The total cookie is now encrypted with a secret key. which is something like user name|expiration time|HMAC( user name|expiration time, k) where k = HMAC(user name|expiration time, sk) and where sk is a secret key, which you can define in your config.

via here

so add this into your wp-config.php filre

define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.

But you can’t just simply add anything , BlogSecurity remind you that it need to something totally random. What you can do is make use of secret key generator by the wordpress team, it will generate a random key, just copy and paste into wp-config.php will do.

after you add in this, if you still in the wordpress admin page, it will log you out and ask you to login again, this is just to refresh the cookie.

You may also like...